How To NSA Proof Your Cloud Storage and Backup

If you dislike the idea of the possibility that some government agency, like the NSA or any of the Five Eyes snooping on the data you save in the cloud or even just to keep your data safe from any number of hackers and malware out there then there are steps you can take to make sure your data stays safe and not view able by anyone but you.

Step One – Encryption
The first step in keeping your data safe from prying eyes, no matter the source, is to encrypt your data on your local computer before it is ever uploaded to the cloud. There are any number of tools you can do that with and depending on your needs will depend on what you decide to us. Lifehacker had a top five file encryption tools post back in January and there were some very good options listed there including:

VeraCrypt – Windows/OS X/Linux. VeraCrypt is the most like TrueCrypt and can load TrueCrypt volumes. If you already use TrueCrypt and want to move away from it since it is no longer being updated VeraCrypt might be your best choice.

AxCrypt – Windows. AxCrypt is open source and is easy for most people to use to encrypt files from the Windows Explorer. A simple right click and your files can be encrypted.

BitLocker – Windows. BitLocker is the full-disk encryption tool built in to Windows Vista and Windows 7 (Ultimate and Enterprise), and into Windows 8 (Pro and Enterprise), as well as Windows Server (2008 and later). If you think Microsoft is in bed with the NSA you might want to actually avoid this tool.

GNU Privacy Guard (GnuPG) – Windows/OS X/Linux. An open-source implementation of Pretty Good Privacy (PGP). It can encrypt everything from email to ordinary files to entire volumes, the hard part is finding a user interface you like and are comfortable with.

7-Zip – Windows/OS X/Linux. While 7-Zip is actually a file archiving utility, it offers a plain easy to use encryption option. If you just want to protect certain folders or files this is an easy to use option.

In the past I would have always recommended TrueCrypt, and if you know and trust Steve Gibson then I think you could still use TrueCrypt. The downside might be lack of any further development on the software which could cause problems as new operating systems are released.

Step Two – Upload to Cloud Provider
If you have securely encrypted your data using one of the tools above it does not really matter which cloud provider you decide to use. If you are looking to backup your data you might choose to use Backblaze, CrashPlan or any other backup service reviewed here on Cloud Storage Buzz. You could even use strictly cloud storage services like Dropbox, Google Drive or even the new Amazon Cloud Drive if you like.

The encryption security of the cloud provider here is really not that important because if you have properly secured and encrypted your files in step one the data you upload to the cloud backup or storage service is simply a mass of data that is unreadable. You could use a service with private key encryption and make your data even more unreadable by prying eyes but that may or may not make your data any more secure.

Depending on the cloud backup or storage service you decide to upload your blob of encrypted data too there might be some extra steps you will want to take. For example: Backblaze tends to upload all the data it can find on a system. You would want to make sure you exclude all folders except your encrypted data. The new Amazon Cloud Drive Unlimited Everything plan does not automatically upload changes so you would need to manually upload new changes. Dropbox can upload whole TrueCrypt and VeraCrypt containers, but they need to be set to change the modified file date or they will not sync (last I tested this was still the case).

Pros
The pros to encrypting your data before uploading it to a cloud service are simple, increased security for your data. You have control over your data, how it is accessed and who has access by keeping the encryption keys. This should effectively eliminate the fact that government agencies, hackers and others from seeing your data whether you have something to hide or not. Your privacy is protected.

Cons
With the added security of encrypting your files before uploading them to the cloud comes some downsides, mostly around ease of use and access of your data. By controlling your own encryption keys you are limiting how you also can access your data. There are some services that try to help you with the problem of access with better encryption. These services offer to provide you with stronger encryption before uploading but offer you more access with apps for your mobile and tablets. Three services that come to mind are:

A few notes about this post. I am not a security researcher, I do not know all the ins and outs of encryption. Second, I am not a programmer so I cannot verify that the source code of some of the software I talked about in this article is backdoor free. Third, I cannot verify that the NSA or some other government agency from your country cannot read your data, but in theory with strong encryption your data should be safe unless you are forced to hand over your encryption keys.

Do you encrypt your data before uploading it to the cloud? What tools do you use to protect your privacy?